securityfs: do not depend on CONFIG_SECURITY

Add a new Kconfig option SECURITYFS which will build securityfs support but does not require CONFIG_SECURITY. The only current user of securityfs does not depend on CONFIG_SECURITY and there is no reason the full LSM needs to be built to build this fs. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
author: Eric Paris <eparis@redhat.com> 2008-08-22 11:35:57 -0400
committer: James Morris <jmorris@namei.org> 2008-08-27 20:47:42 -0400
commit: da31894ed7b654e2e1741e7ac4ef6c15be0dd14b (patch)
tree: 7247357082b105a4aab13a2fb7dad73886f1a9e5
parent: 86d688984deefa3ae5a802880c11f2b408b5d6cf (diff)
4 files changed, 41 insertions, 25 deletions
diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
index 3738cfa209ff..f5fc64f89c5c 100644
--- a/drivers/char/tpm/Kconfig
+++ b/drivers/char/tpm/Kconfig
@@ -6,6 +6,7 @@ menuconfig TCG_TPM
        tristate "TPM Hardware Support"
        depends on HAS_IOMEM
        depends on EXPERIMENTAL
+        select SECURITYFS
        ---help---
          If you have a TPM security chip in your system, which
          implements the Trusted Computing Group's specification,
diff --git a/include/linux/security.h b/include/linux/security.h
index 80c4d002864c..f5c4a51eb42e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1560,11 +1560,6 @@ struct security_operations {
 extern int security_init(void);
 extern int security_module_enable(struct security_operations *ops);
 extern int register_security(struct security_operations *ops);
-extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
-                                             struct dentry *parent, void *data,
-                                             const struct file_operations *fops);
-extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
-extern void securityfs_remove(struct dentry *dentry);
 /* Security operations */
 int security_ptrace_may_access(struct task_struct *child, unsigned int mode);
@@ -2424,25 +2419,6 @@ static inline int security_netlink_recv(struct sk_buff *skb, int cap)
        return cap_netlink_recv(skb, cap);
 }
-static inline struct dentry *securityfs_create_dir(const char *name,
-                                        struct dentry *parent)
-{
-        return ERR_PTR(-ENODEV);
-}
-static inline struct dentry *securityfs_create_file(const char *name,
-                                                mode_t mode,
-                                                struct dentry *parent,
-                                                void *data,
-                                                const struct file_operations *fops)
-{
-        return ERR_PTR(-ENODEV);
-}
-static inline void securityfs_remove(struct dentry *dentry)
-{
-}
 static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 {
        return -EOPNOTSUPP;
@@ -2806,5 +2782,35 @@ static inline void security_audit_rule_free(void *lsmrule)
 #endif /* CONFIG_SECURITY */
 #endif /* CONFIG_AUDIT */
+#ifdef CONFIG_SECURITYFS
+extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
+                                             struct dentry *parent, void *data,
+                                             const struct file_operations *fops);
+extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
+extern void securityfs_remove(struct dentry *dentry);
+#else /* CONFIG_SECURITYFS */
+static inline struct dentry *securityfs_create_dir(const char *name,
+                                                   struct dentry *parent)
+{
+        return ERR_PTR(-ENODEV);
+}
+static inline struct dentry *securityfs_create_file(const char *name,
+                                                    mode_t mode,
+                                                    struct dentry *parent,
+                                                    void *data,
+                                                    const struct file_operations *fops)
+{
+        return ERR_PTR(-ENODEV);
+}
+static inline void securityfs_remove(struct dentry *dentry)
+{}
+#endif
 #endif /* ! __LINUX_SECURITY_H */
diff --git a/security/Kconfig b/security/Kconfig
index 559293922a47..d9f47ce7e207 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -51,6 +51,14 @@ config SECURITY
          If you are unsure how to answer this question, answer N.
+config SECURITYFS
+        bool "Enable the securityfs filesystem"
+        help
+          This will build the securityfs filesystem.  It is currently used by
+          the TPM bios character driver.  It is not used by SELinux or SMACK.
+          If you are unsure how to answer this question, answer N.
 config SECURITY_NETWORK
        bool "Socket and Networking Security Hooks"
        depends on SECURITY
diff --git a/security/Makefile b/security/Makefile
index f65426099aa6..c05c127fff9a 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -10,7 +10,8 @@ subdir-$(CONFIG_SECURITY_SMACK)		+= smack
 obj-y           += commoncap.o
 # Object file lists
-obj-$(CONFIG_SECURITY)                  += security.o capability.o inode.o
+obj-$(CONFIG_SECURITY)                  += security.o capability.o
+obj-$(CONFIG_SECURITYFS)                += inode.o
 # Must precede capability.o in order to stack properly.
 obj-$(CONFIG_SECURITY_SELINUX)          += selinux/built-in.o
 obj-$(CONFIG_SECURITY_SMACK)            += smack/built-in.o
author	Eric Paris <eparis@redhat.com>	2008-08-22 11:35:57 -0400
committer	James Morris <jmorris@namei.org>	2008-08-27 20:47:42 -0400
commit	da31894ed7b654e2e1741e7ac4ef6c15be0dd14b (patch)
tree	7247357082b105a4aab13a2fb7dad73886f1a9e5
parent	86d688984deefa3ae5a802880c11f2b408b5d6cf (diff)